Jamie Dimon is not easily rattled. He has led JPMorgan Chase through a pandemic, a regional banking crisis, the 2008 collapse, and more congressional interrogations than most people could handle. On an earnings call, he tells analysts that artificial intelligence has “made it worse, it’s made it harder,” and the room usually listens. Sitting in front of his typical quarterly script on April 14, Dimon strayed a bit. He discussed a model known as Mythos.
The new Anthropic product is called Mythos. With the kind of staged announcement that AI companies prefer, it was meant to land silently. Rather, a Cambridge security researcher discovered an unprotected URL on Anthropic’s content management system late on March 26. A draft blog post about a model that the company’s own engineers were referring to as “by far the most powerful AI model we’ve ever developed” was among the approximately 3,000 internal files that were visible. Capybara was the codename found in the documents. After confirming the leak eleven days later, Anthropic renamed the model Mythos Preview and took a step that has never been seen in the industry. They declined to make it public.
| Key Information | Details |
|---|---|
| Model Name | Claude Mythos Preview |
| Developer | Anthropic |
| Internal Codename (Leaked) | Capybara |
| Announcement Date | April 7, 2026 |
| Leak Date | March 26, 2026 (Cambridge researcher) |
| Reported Architecture | Mixture of Experts, ~10 trillion total parameters |
| Active Parameters per Forward Pass | 800 billion to 1.2 trillion |
| Vulnerabilities Discovered | 2,000+ zero-days in seven weeks of testing |
| Release Status | Withheld from public; limited partner access |
| Partner Initiative | Project Glasswing (12 organizations) |
| Notable Partners | AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan Chase |
| Key Government Briefings | CISA, Center for AI Standards and Innovation |
| JPMorgan CEO Comment Date | April 14, 2026 (Q1 earnings call) |
| Treasury Response | Secretary Scott Bessent convened bank CEOs |
In a sense, that rejection is the whole story. There was no slow rollout, no paid tier, and no waitlist. As of right now, the most powerful AI Anthropic has ever created is hidden behind a partner program called Project Glasswing, which involves roughly a dozen companies, including Dimon’s own JPMorgan, AWS, Apple, Cisco, Google, Microsoft, and NVIDIA. On the surface, Anthropic’s justification for keeping it inside is unsettling. In about seven weeks of testing, Mythos discovered over 2,000 unidentified software flaws. It revealed some bugs that had been concealed in popular operating systems and browsers for more than two decades.
That’s what keeps Dimon awake. It’s not the model per se, but what it suggests. If a frontier AI can identify that many plumbing flaws in the world in less than two months, then anyone with malicious intent and access to a comparable tool can do the same. “It does create additional vulnerabilities,” Dimon stated, “and maybe down the road, better ways to strengthen yourself too.” In that sentence, the “maybe” is doing a lot of work.
Something seems to have changed in Washington. Within days of receiving a briefing, Treasury Secretary Scott Bessent reportedly called bank CEOs to discuss Mythos. The Hill was informed by Dean Ball, co-author of the Trump White House AI Action plan, that the administration had been working under the presumption that advancements in AI were stagnating. In just one week, Mythos appears to have dispelled that presumption. He claimed that officials were becoming aware that they would need to “get their hands dirty.”
Concerns within JPMorgan extend beyond the bank itself. Dimon continued to return to a point that receives insufficient attention. Banks are not isolated entities. They are integrated into the entire complex system of contemporary finance, including exchanges, clearinghouses, vendors, and payment rails. “Banks are attached to exchanges and all these other things that create other layers of risk,” he stated. Beside him, CFO Jeremy Barnum presented it in a more detached manner. According to him, these tools are both beneficial for defenders and hazardous when used for attack.
It’s difficult to ignore this moment’s peculiar shape. A model so strong that its manufacturer refuses to ship it. A bank CEO acknowledges in public that the new tools make his job more difficult. Of all things, Cambridge researchers discovered trillion-parameter secrets via an unprotected URL. For his part, Dimon came to an almost archaic conclusion. He referred to it as hygiene. Networks, routers, passwords—the dull stuff. He claimed that doing the fundamentals correctly still significantly lowers the risk. Nobody wants to publicly respond to the question of whether that is still sufficient.
